book

The Cyber Risk Handbook

Name: The Cyber Risk Handbook
Author: Domenic Antonucci
ISBN: 9781119308805

by Domenic Antonucci

May 2017

Intermediate to advanced

448 pages

11h 33m

English

Wiley

Read now

Unlock full access

Foreword The State of Cybersecurity
The Global Cyber CrisisThe Time for ChangeIncreasing Cyber Risk Management MaturityAbout ISACAAbout Ron Hale
About the Editor
List of Contributors
Acknowledgments
Chapter 1: Introduction
The CEO under PressureToward an Effectively Cyber Risk–Managed OrganizationHandbook Structured for the EnterpriseHandbook Structure, Rationale, and BenefitsWhich Chapters Are Written for Me?
Chapter 2: Board Cyber Risk Oversight: What Needs to Change?
What Are Boards Expected to Do Now?What Barriers to Action Will Well-Intending Boards Face?What Practical Steps Should Boards Take Now to Respond?Cybersecurity—The Way ForwardNotesAbout Risk Oversight Solutions Inc.About Tim J. Leech, FCPA, CIA, CRMA, CFEAbout Lauren C. Hanlon, CPA, CIA, CRMA, CFE
Chapter 3: Principles Behind Cyber Risk Management
Cyber Risk Management Principles Guide ActionsMeeting Stakeholder NeedsCovering the Enterprise End to EndApplying a Single, Integrated FrameworkEnabling a Holistic ApproachSeparating Governance from ManagementConclusionNotesAbout RIMSAbout Carol Fox
Chapter 4: Cybersecurity Policies and Procedures
Social Media Risk PolicyRansomware Risk Policies and ProceduresCloud Computing and Third-Party VendorsBig Data AnalyticsThe Internet of ThingsMobile or Bring Your Own Devices (BYOD)ConclusionNotesAbout IRMAbout Elliot Bryan, BA (Hons), ACIIAbout Alexander Larsen, FIRM, President of Baldwin Global Risk Services
Chapter 5: Cyber Strategic Performance Management
Pitfalls in Measuring Cybersecurity PerformanceCybersecurity Strategy Required to Measure Cybersecurity PerformanceCreating an Effective Cybersecurity Performance Management SystemConclusionNoteAbout McKinsey CompanyAbout James KaplanAbout Jim Boehm
Chapter 6: Standards and Frameworks for Cybersecurity
Putting Cybersecurity Standards and Frameworks in ContextCommonly Used Frameworks and Standards (a Selection)Constraints on Standards and FrameworksConclusionNotesAbout Boston Consulting Group (BCG)About William YinAbout Dr. Stefan A. Deutscher

Chapter 7: Identifying, Analyzing, and Evaluating Cyber Risks
The Landscape of RiskThe People FactorA Structured Approach to Assessing and Managing RiskSecurity CultureRegulatory ComplianceMaturing SecurityPrioritizing ProtectionConclusionNotesAbout the Information Security Forum (ISF)About Steve Durbin
Chapter 8: Treating Cyber Risks
IntroductionTreating Cybersecurity Risk with the Proper Nuance in Line with an Organization’s Risk ProfileDetermining the Cyber Risk ProfileTreating Cyber RiskAlignment of Cyber Risk TreatmentPracticing Cyber Risk TreatmentConclusionAbout KPMGAbout John HermansAbout Ton Diemont
Chapter 9: Treating Cyber Risks Using Process Capabilities
Cybersecurity Processes Are the Glue That BindsNo Intrinsic Motivation to DocumentLeveraging ISACA COBIT 5 ProcessesCOBIT 5 Domains Support Complete Cybersecurity Life CycleConclusionAbout ISACAAbout Todd Fitzgerald
Chapter 10: Treating Cyber Risks—Using Insurance and Finance
Tailoring a Quantified Cost-Benefit ModelPlanning for Cyber Risk InsuranceThe Risk Manager’s Perspective on Planning for Cyber InsuranceCyber Insurance Market ConstraintsConclusionNotesAbout AonAbout Kevin Kalinich, Esq.
Chapter 11: Monitoring and Review Using Key Risk Indicators (KRIs)
DefinitionsKRI Design for Cyber Risk ManagementConclusionNotesAbout WabilityAbout Ann Rodriguez
Chapter 12: Cybersecurity Incident and Crisis Management
Cybersecurity Incident ManagementCybersecurity Crisis ManagementConclusionAbout CLUSIFAbout Gérôme Billois, CISA, CISSP and ISO27001 CertifiedAbout Wavestone
Chapter 13: Business Continuity Management and Cybersecurity
Good International Practices for Cyber Risk Management and Business ContinuityEmbedding Cybersecurity Requirements in BCMSDeveloping and Implementing BCM Responses for Cyber IncidentsConclusionAppendix: Glossary of Key TermsAbout MarshAbout Marsh Risk ConsultingAbout Sek Seong Lim, CBCP, PMC
Chapter 14: External Context and Supply Chain
External ContextBuilding Cybersecurity Management Capabilities from an External PerspectiveMeasuring Cybersecurity Management Capabilities from an External PerspectiveConclusionAbout The SCRLCAbout Nick Wildgoose, BA (Hons), FCA, FCIPS
Chapter 15: Internal Organization Context
The Internal Organization Context for CybersecurityTailoring Cybersecurity to Enterprise ExposuresConclusionNoteAbout Domenic AntonucciAbout Bassam Alwarith
Chapter 16: Culture and Human Factors
Organizations as Social SystemsHuman Factors and CybersecurityTrainingFrameworks and StandardsTechnology Trends and Human FactorsConclusionNoteAbout Avinash TotadeAbout Sandeep Godbole
Chapter 17: Legal and Compliance
European Union and International Regulatory SchemesU.S. RegulationsCounsel’s Advice and “Boom” PlanningConclusionNotesAbout the Cybersecurity Legal Task ForceAbout Harvey RishikofAbout Conor Sullivan
Chapter 18: Assurance and Cyber Risk Management
What the Internal Auditor Expects from an Organization Managing Its Cyber Risks EffectivelyHow to Deal with Two Differing Assurance Maturity ScenariosCombined Assurance Reporting by ERM HeadConclusionAbout Stig Sunde, CISA, CIA, CGAP, CRISC, IRM Cert.
Chapter 19: Information Asset Management for Cyber
The Invisible AttackerA Troubling TrendThinking Like a GeneralThe Immediate Need—Best PracticesCybersecurity for the FutureTime to ActConclusionAbout Booz Allen HamiltonAbout Christopher Ling
Chapter 20: Physical Security
Tom Commits to a PlanGet a Clear View on the Physical Security Risk Landscape and the Impact on CybersecurityManage or Review the Cybersecurity OrganizationDesign or Review Integrated Security MeasuresReworking the Data Center ScenarioCalculate or Review Exposure to Adversary AttacksOptimize Return on Security InvestmentConclusionAbout Radar Risk GroupAbout Inge VandijckAbout Paul van Lerberghe
Chapter 21: Cybersecurity for Operations and Communications
Do You Know What You Do Not Know?Threat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You?Data and Its Integrity—Does Your Risk Analysis Produce Insight?Digital Revolution—What Threats Will Emerge as Organizations Continue to Digitize?Changes—How Will Your Organization or Operational Changes Affect Risk?People—How Do You Know Whether an Insider or Outsider Presents a Risk?What’s Hindering Your Cybersecurity Operations?Challenges from WithinWhat to Do NowConclusionAbout EYAbout Chad HolmesAbout James Phillippe
Chapter 22: Access Control
Taking a Fresh Look at Access ControlOrganization Requirements for Access ControlUser Access ManagementUser ResponsibilitySystem and Application Access ControlMobile DevicesTeleworkingOther ConsiderationsConclusionNotesAbout Sidriaan de Villiers, PwC Partner South Africa
Chapter 23: Cybersecurity Systems: Acquisition, Development, and Maintenance
Build, Buy, or Update: Incorporating Cybersecurity Requirements and Establishing Sound PracticesSpecific ConsiderationsConclusionNotesAbout Deloitte Advisory Cyber Risk ServicesAbout Michael Wyatt
Chapter 24: People Risk Management in the Digital Age
Rise of the MachinesEnterprise-Wide Risk ManagementTomorrow’s TalentCrisis ManagementRisk CultureConclusionNotesAbout AirmicAbout Julia Graham
Chapter 25: Cyber Competencies and the Cybersecurity Officer
The Evolving Information Security ProfessionalThe Duality of the CISOJob Responsibilities and TasksConclusionNotesAbout ISACAAbout Ron Hale
Chapter 26: Human Resources Security
Needs of Lower-Maturity HR FunctionsNeeds of Mid-Maturity HR FunctionsNeeds of Higher-Maturity HR FunctionsConclusionNotesAbout Domenic Antonucci
Epilogue
BackgroundBecoming CyberSmartNotesAbout Domenic AntonucciAbout Didier Verstichel
Glossary
Index
EULA

Overview

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

Learn how cyber risk management can be integrated to better protect your enterprise
Design and benchmark new and improved practical counter-cyber capabilities
Examine planning and implementation approaches, models, methods, and more
Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice-a-versa. Every functional head of any organization must have a copy at-hand to understand their role in achieving that alignment.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119308805Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills